This is where .NET and PDF come together. We develop a handful of .NET components that create, manipulate and render PDF documents. This blog is used to post insights about the PDF format and how to use our software.

Wednesday, January 26, 2011

Digital Signatures and PDF Documents

Digital signatures can be used to authenticate the source of a PDF document (who signed it?) and to provide the integrity of a PDF document (did the document change after it was signed?). In this article I will show how to apply one or more digital signatures and how to verify digital signatures using PDFKit.NET 3.0.

Signing

Consider the following form:

This form has two sections of form fields; one for the student and one for the teacher. Normally, first the student will fill out his portion and sign the document. This can be achieved programmatically as follows:

If you look at the code, it is practically the same as the previous code sample. The only significant difference is that I pass an extra argument to the Document.Write method: DocumentWriteMode.AppendUpdate. This tells PDFKit.NET to save all changes as a so-called Update. I will discuss this in the next section.

After executing the code above and opening the PDF document in the PDF reader, the document looks as follows:

Note that the icon of the first signature has changed to a warning sign. This indicates that "the document has been updated since signed". This is exactly the case.

Updates

Note that when we saved the second signature, we passed an extra argument to Document.Write, namely DocumentWriteMode.AppendUpdate. This instructs PDFKit.NET to save the new field data and the signature as an Update. This means that the original PDF data is left entirely intact and the changes are concatenated. The figure below illustrates this.

Consequently, the first signature remains valid because the exact data that was signed hasn't changed; we have just added an update.

So after saving the update there are now in fact two versions of the document; one that signed by the student and one that was signed by the teacher. It is useful to retrieve the exact document to which a given signature was applied. Obviously the signer only vows for that version and not for the versions that were created afterwards.

Given a document you can enumerate all updates or versions of the document and save a copy to disk as follows:

But perhaps even more interesting, you can open a signed document and per signature field you can retrieve the signed update. The following code sample enumerates all signature fields and saves the signed update.

// -----------------------------------------------------------
// ENUMERATE SIGNATURE FIELDS AND SAVE SIGNED UPDATE PER FIELD
// -----------------------------------------------------------
using (FileStream sourceFile = new FileStream(
"signedByTeacher.pdf", FileMode.Open, FileAccess.Read))
{
// open the form
Document document = new Document(sourceFile);
foreach (Field field in document.Fields)
{
// is this a signature field?
SignatureField sigField = field as SignatureField;
if (null != sigField)
{
// has it been signed?
if (sigField.IsSigned)
{
// save the update and name it after the field
string name = string.Format(
"{0}.pdf", sigField.FullName);
using (FileStream updateFile = new FileStream(
name, FileMode.Create, FileAccess.Write))
{
sigField.SignedUpdate.Write(updateFile);
}
}
}
}
}

After executing this code, two new PDF documents have been saved: studentSignature.pdf and teacherSignature.pdf. Each document shows the version that was signed by the respective field.

Verifying

Until now we have discussed signing documents. The verification was left to the PDF reader application. But PDFKit.NET also allows you to verify signatures programmatically. This is extremely simple as shown in the next code sample. The sample opens the PDF document that was signed by the student and the teacher and enumerates the signature fields. Per signature, information about the signature state is written to the console.

2 comments:

Good article. With the help of this article I have learn a lot about digital signatures and PDF documents. In this article you have nicely explained how to apply one or more digital signatures to a PDF document and how to verify them. Thanks for sharing this informative article.PDF signature